Loading ...
Sorry, an error occurred while loading the content.

Issue with a customer running Symantec Messaging Gateway: .dat attachments

Expand Messages
  • Marcio Merlone
    Greetings, I run a mail server for my company with Ubuntu 10.04 LTS and postfix 2.7.0-1ubuntu0.2 and all my users use Thunderbird ESR. We have a customer
    Message 1 of 4 , Aug 19, 2013
    • 0 Attachment
      Greetings,

      I run a mail server for my company with Ubuntu 10.04 LTS and postfix 2.7.0-1ubuntu0.2 and all my users use Thunderbird ESR. We have a customer running Symantec Messaging Gateway and it converts attachments of our messages with *special chars* to "randombogusfilename.dat" (_not_ winmail.dat!). Their support directed me to this Symantec KB which, in short, says "it's not our fault", even though they are the only destination where I have noticed this:

      http://www.symantec.com/business/support/index?page=content&id=TECH192394

      Has anyone experienced this or know what's this about and how to fix/workaround this? Searched Google but no luck.

      Best regards.

      --
      Marcio Merlone
      TI - Administrador de redes

      A1 Engenharia - Unidade Corporativa
      Fone:+55 41 3616-3797
      Cel:+55 41 9689-0036
      http://www.a1.ind.br/
    • Jeroen Geilman
      ... That is a truly horrible support article. It provides no proof, no examples, and no clients that are known to exhibit this behaviour (as they claim). ...
      Message 2 of 4 , Aug 19, 2013
      • 0 Attachment
        On 08/19/2013 06:24 PM, Marcio Merlone wrote:
        Greetings,

        I run a mail server for my company with Ubuntu 10.04 LTS and postfix 2.7.0-1ubuntu0.2 and all my users use Thunderbird ESR. We have a customer running Symantec Messaging Gateway and it converts attachments of our messages with *special chars* to "randombogusfilename.dat" (_not_ winmail.dat!). Their support directed me to this Symantec KB which, in short, says "it's not our fault", even though they are the only destination where I have noticed this:

        http://www.symantec.com/business/support/index?page=content&id=TECH192394


        That is a truly horrible "support" article.

        It provides no proof, no examples, and no clients that are known to exhibit this behaviour (as they claim).

        Has anyone experienced this or know what's this about and how to fix/workaround this? Searched Google but no luck.

        It's about MIME, which is covered by a set of 6 wordy RFCs: http://en.wikipedia.org/wiki/MIME

        I have seen this before, and while it is usually caused by a client using a multipart construction that the recipient can't handle - or that is not 7-bit transfer-safe - the above "support" page doesn't even hint at what might be the problem.

        The specific instance in my case was a vendor implementing the php mail() system call by appending CRLF manually to all headers. The mail() documentation clearly states that all lines should end with a bare LF only, and the effect of this was to break out some inline MIME multiparts as attachments, and to entirely disappear others.

        If you're paying for Symantec support, by all means open a trouble ticket and force some cooperation for your dollars.

        A good start would be full message decodes on both sides (the raw message both on the client and in the mailbox), as well as packet dumps on both ends, to see how the message was altered in transit (if it was.)

        A tcpdump comparison between the client-side and the mailbox-side would show if Symantec is correct in that their mail-gateway-software-money-making-machine does not alter the message in transit, or if it does.


        -- 
        J.
        
      • Marcio Merlone
        ... (...) ... My customer is. Customers are always rigth, by definition. ;) They are researching on their side (I hope) with Symantec. But they are not yet
        Message 3 of 4 , Aug 20, 2013
        • 0 Attachment
          Em 19-08-2013 18:35, Jeroen Geilman escreveu:
          On 08/19/2013 06:24 PM, Marcio Merlone wrote:
          I run a mail server for my company with Ubuntu 10.04 LTS and postfix 2.7.0-1ubuntu0.2 and all my users use Thunderbird ESR. We have a customer running Symantec Messaging Gateway and it converts attachments of our messages with *special chars* to "randombogusfilename.dat" (_not_ winmail.dat!). Their support directed me to this Symantec KB which, in short, says "it's not our fault", even though they are the only destination where I have noticed this:

          http://www.symantec.com/business/support/index?page=content&id=TECH19239
          Has anyone experienced this or know what's this about and how to fix/workaround this? Searched Google but no luck.
          (...)

          If you're paying for Symantec support, by all means open a trouble ticket and force some cooperation for your dollars.
          My customer is. Customers are always rigth, by definition. ;) They are researching on their side (I hope) with Symantec. But they are not yet entirely convinced it's their fault, as the KB above says.

          A good start would be full message decodes on both sides (the raw message both on the client and in the mailbox), as well as packet dumps on both ends, to see how the message was altered in transit (if it was.)
          It is. If I mail an attachment to my boss and cc my customer, my boss gets it correctly but my customer get a .dat attach. Only this customer.

          A tcpdump comparison between the client-side and the mailbox-side would show if Symantec is correct in that their mail-gateway-software-money-making-machine does not alter the message in transit, or if it does.
          Your and all experience: is there how to workaround (and thus giving my customer a hint on how to fix) this behavior of SMG? Will fuzz with message encoding on Thunderbird and test what happens, but rather not reinvent the wheel.

          Thank you all, best regards.

          --
          Marcio Merlone
          TI - Administrador de redes

          A1 Engenharia - Unidade Corporativa
          Fone:+55 41 3616-3797
          Cel:+55 41 9689-0036
          http://www.a1.ind.br/
        • LuKreme
          ... Interesting. That is one of the most worthless KBs I ve ever seen. There is no explanation at all and no indication as to what they think incorrectly
          Message 4 of 4 , Aug 20, 2013
          • 0 Attachment
            On 20 Aug 2013, at 05:21 , Marcio Merlone <marcio.merlone@...> wrote:
            > Em 19-08-2013 18:35, Jeroen Geilman escreveu:
            >> On 08/19/2013 06:24 PM, Marcio Merlone wrote:
            >>> I run a mail server for my company with Ubuntu 10.04 LTS and postfix 2.7.0-1ubuntu0.2 and all my users use Thunderbird ESR. We have a customer running Symantec Messaging Gateway and it converts attachments of our messages with *special chars* to "randombogusfilename.dat" (_not_ winmail.dat!). Their support directed me to this Symantec KB which, in short, says "it's not our fault", even though they are the only destination where I have noticed this:
            >>>
            >>> http://www.symantec.com/business/support/index?page=content&id=TECH19239
            >>> Has anyone experienced this or know what's this about and how to fix/workaround this? Searched Google but no luck.
            > (...)
            >
            >> If you're paying for Symantec support, by all means open a trouble ticket and force some cooperation for your dollars.
            > My customer is. Customers are always rigth, by definition. ;) They are researching on their side (I hope) with Symantec. But they are not yet entirely convinced it's their fault, as the KB above says.

            Interesting. That is one of the most worthless KBs I've ever seen. There is no explanation at all and no indication as to what they think incorrectly constructed emails are. So, I'll make a WAG that fits in with my (deservedly low) opinion of Symantec:

            "We get confused by things like UTF-8 and, really, any character encoding that is not based on obsolete Windows code pages, so we declare by fiat that all these messages are 'incorrect' and shove them into an attachment because we are incompetent fools who cannot be bothered to work well with anyone else."

            I don't *know* that is the reason, but I suspect (highly) I'm on the right track.

            >> A good start would be full message decodes on both sides (the raw message both on the client and in the mailbox), as well as packet dumps on both ends, to see how the message was altered in transit (if it was.)

            > It is. If I mail an attachment to my boss and cc my customer, my boss gets it correctly but my customer get a .dat attach. Only this customer.

            What is in the .dat file? How is the message you sent encoded? Maybe they can't figure out mime? uudecode?

            >> A tcpdump comparison between the client-side and the mailbox-side would show if Symantec is correct in that their mail-gateway-software-money-making-machine does not alter the message in transit, or if it does.

            > Your and all experience: is there how to workaround (and thus giving my customer a hint on how to fix) this behavior of SMG? Will fuzz with message encoding on Thunderbird and test what happens, but rather not reinvent the wheel.

            You need to get one of these dat files and see what it contains, exactly, and compare that to the message you sent (and then to a copy of the message you send to, say, a gmail account. There is a chance, albeit a vanishingly small chance, that Symantec are technically correct.

            Well, no, not really.

            --
            I AM ZOMBOR! (kelly) ZOMBOR!
          Your message has been successfully submitted and would be delivered to recipients shortly.